When a computer operating system is processing, creating, or storing data, various types of malicious software (malware, computer viruses, etc.) can be used to gather sensitive data for the purpose of stealing (or infiltrating) sensitive information of personal, financial, or business importance. Malware can be designed to intercept this information in a variety of ways, such as by key logging, random access memory (“RAM”) scraping, cold booting, direct memory access (“DMA”) attacking or obtaining a print screen of the sensitive data from the computer. Malware can also access data that is stored, such as on a hard drive, especially when such data is being processed by the operating system.
A number of anti-malware/antivirus strategies exist to detect and remove malware software and to provide real-time protection against the installation of malware software on a computer. However, if the computer has already been compromised and malicious software already exists and is running on the computer, user remains vulnerable to having sensitive data hijacked. Furthermore, these software defined anti-virus mechanisms require frequent virus definition updates and leave a healthy window of vulnerability from when new Malware is introduced to society or when a counter measure or detection and quarantine method is available.
Data security issues become more complex in a network environment. Steps are usually taken to ensure that access to the network is controlled, and that data is not vulnerable to attack during transmission. Many technologies are also available to encrypt data to help ensure privacy of sensitive data. Encrypted data generally depends on the existence of a secret key (or certificate) shared between the communicating parties. This type of data security is often used for online credit/debit card purchases. However, in most system architectures, this type of encryption is often handled by the operating system and as such can be compromised by software running on a preexisting malicious node.